Riscure is an exceptional team of experts offering security robustness evaluation and certification services as well as tools and training for embedded devices development for over 20 years.
Internet of Things (IoT) refers to a wide variety of embedded and connected devices that are used in various application areas. IoT devices include consumer and retail products such as toys, cameras, smart locks and tags; industrial devices (PLC, IED, switches, and routers); health care products (PET, CET scans and MRIs, glucose monitors, pacemakers, CPAP machines, and other); and devices used in utilities infrastructure (such as smart meters).
While use cases are varied, the security technology and concepts are quite similar. Due to those similarities, various standards and requirements in these domains are easily adopted and used by security experts of Riscure.
IoT – Platforms and components
Riscure’s extensive experience with the security evolution of chipset/platforms and components covers most of the needs of IoT chipset and platform vendors.
As a chipset, and the platform that is created around it, forms the base on top of which device functionality gets implemented, it also provides the security foundation for that device. Therefore, the market is searching for ways to assess the security provided by these components. Riscure is actively participating in creating an environment where the security benefits of chipsets and components can be leveraged by device makers. Such evaluations, and especially certification, give device makers the confidence that these components can be relied on and give the component manufacturers an opportunity to market the security level of their products.
Riscure is an accredited evaluation laboratory for Common Criteria, PSA Certified, SESIP, and Global Platform security evaluations. With significant experience also coming from other markets such as the payments industry and content protection, and because of the unique combination with training and tools focused on chipset/platform vendors, Riscure is the number one choice for silicon vendors.
IoT – Consumer & Retail
Riscure has evaluated a significant number of consumer and retail devices in the past 20 years. Even before any regulation or certification was available, Riscure was working with developers to improve the security level of consumer and retail devices.
Government regulations are starting to address the security of the consumer devices segment. Most of the governments are starting with standards that are not directly legally enforced. This is to not immediately create enormous stress on the developing companies. However, there is the intention to shift to enforcing these standards at a certain point. A few legislators around the world have decided to enforce it immediately. As vendors are preparing to comply with such regulations, Riscure is a unique partner for IoT developers because of its experience from past evaluations combined with its thorough knowledge and understanding of well-recognized standards for consumer IoT devices (ETSI EN 303 645 and NIST NISTIR 8259.
If you are building a brand and want to use security as a differentiator or are interested in using certification to address future legislation and potential liability, consult Riscure to help you answer your security questions.
IoT – Industrial embedded components
The connectivity of critical infrastructure systems requires much stronger consideration of device trustworthiness and integrity of the data flow. The international standardization organizations IEC and ISA recognize the relevance of devices such as PLC, IED, switches, gateways, and routers for industrial system security. The ISA/IEC 62443-4-1 and -4-2 standards are setting the framework for industrial devices with respect to secure development and different levels of security of embedded systems.
Due to our device-centric heritage, our team is uniquely positioned to evaluate the security of architectures that include substantial hardware and software interdependencies like many of today’s IoT systems. Our software expertise is grounded in two decades of embedded device experience.
IoT – Smart grid and smart meters
Smart Metering is being implemented in many countries around the world. The European Parliament mandates Smart Metering to be implemented by 2022, while the US Government considers Smart Metering key to national efforts to further energy independence.
Riscure has a significant track record of smart meter security evaluations according to the Dutch smart meter security requirements. Riscure can help you address all relevant security questions concerning smart grid products. From design reviews to help your development team deliver a secure solution, all the way to testing the final product for standards compliance and/or your own security requirements review.
Network and IoT
Security on the device level and network security go hand in hand. The security of devices with network connectivity, such as switches, routers, modems, and gateways, can influence the security of local as well as wider area networks. Riscure worked with many vendors and operators to test and demonstrate the security robustness of these IoT devices.
Next to traditional networks, 5G networks are quickly getting deployed, redefining device connectivity. In addition to the existing security challenges of a cellular network, any 5G development has to incorporate the emerging security aspects that concern Multi-access Edge Computing (MEC) services, lawful interception functionality, general availability of software and APIs to users. Often seen as the critical technology for economical well-being, 5G will also be integrated into adjacent industries such as automotive, where it uses V2X communication concepts.
Riscure has more than 20 years of experience in networking device security testing. Riscure also works together with Keysight, which offers our customers a combination of device testing tools and services, with device interfacing and network simulation tools.
IoT – Healthcare device security
Compared to other industries, healthcare device security has not progressed in all regions at the same level. However, some inquires arrived at Riscure’s doorstep over time. For example, Riscure has evaluated doctor and patient authentication protocols, which often form the foundation for a secure data flow and use of connected devices and systems.
With USA FDA cybersecurity recommendations and European MDCG 2019-16 (MDR, IVDR), and IEC/TR 60601-4-5, mostly focusing on security process and basic security concepts, the security relevance is recognized within the field. It is expected that in the future, the security of medical devices will take a large leap to protect the patient’s safety and privacy.
If you are in the process of developing medical IoT devices and would like to learn more about security and security regulations in this domain, Riscure can support you.
Next to training, advisory, testing, and certification-related activities already mentioned, Riscure supports solution developers with embedded security knowledge for adjacent IoT markets such as transportation, public safety and security (smart locks, cameras), and smart cities.
- Contact us
Pascal van Gimst
- Vice President Global Services Sales and Business Development